802.11s Security and Google WiFi

Posted by Paul Devitt, Security Engineer

Making sure your home network and information stay secure is our top priority. So when we launched the Google OnHub home router in 2015, we made sure security was baked into its core. In 2016 we took all we learned from OnHub and made it even better by adding mesh support with the introduction of Google Wifi.Secure to the core - AlwaysThe primary mechanism to making sure your Wifi points stay safe is our verified boot mechanism. The operating system and code that your OnHub and Google Wifi run are guaranteed to have been signed by Google. Both OnHub and Google Wifi use Coreboot and Depthcharge from ChromeOS and ensure system integrity by implementing DM-Verity from Android. To secure Userspace, we use process isolation with Seccomp-BPF and a strict set of policies.

On the software side, Google Wifi and OnHub are subject to expansive fuzz testing of major components and functions. The continual improvements found by fuzzing are fed into Google Wifi and OnHub, and are made available through the regular automatic updates, secured by Google’s cloud.802.11s Security for WiFiIn 2016 with the launch of Google Wifi, we introduced 802.11s mesh technology to the home router space. The result is a system where multiple Wifi Points work together to create blanket coverage. The specification for 802.11s recommends that appropriate security steps be taken, but doesn’t strictly define them for people to use. We spent significant time in building a security model into our implementation of 802.11s that Google WiFi and OnHub could use so that your network is always comprised of exactly the devices you expect.

As each mesh node within the network will need to speak securely to its neighboring nodes, it's imperative that a secure method, which is isolated from the user, is established to form those links. Each Wifi node establishes a separate encrypted channel with its neighbors and the primary node. On any major network topology change (such as a node being factory reset, a node added, or an event where an unexpected node joins the network), the mesh will undergo a complete cycling of the encryption keys. Each node will establish and test a new set of keys with its respective neighbors, verify that it has network connectivity and then the network as a whole will transition to the new keys.

These mesh encryption keys are generated locally on your devices and are never transmitted outside of your local network. In the event that a key has been discovered outside of your local network, a rekeying operation will be triggered. The rekeying operations allow for the mesh network to be fully flexible to the user’s desire and maintain a high level of security for devices communicating across it.Committed to securityWe have an ongoing commitment to the security of Google Wifi and OnHub. Both devices participate in the Google Vulnerability Rewards Program (VRP) and eligible bugs can be rewarded up to $20,000 (U.S). We’re always looking to raise the bar to help our users be secure online.